Tduckcloud · Tduck-Platform · CVE-2025-7888
**Name of the Vulnerable Software and Affected Versions**
TDuckCloud tduck-platform version 5.1
**Description**
A critical SQL injection vulnerability exists in TDuckCloud tduck-platform 5.1. It affects the `UserFormDataMapper` function in the `src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java` file: manipulating the `formKey` argument leads to SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed.
**Recommendations**
As a temporary workaround, consider restricting or disabling the use of the `UserFormDataMapper` function until a patch is available.
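
Added example, not code from tduck-platform: a Python/sqlite3 stand-in showing why a `formKey` value pasted into SQL text is injectable, next to a lookup that validates the key and binds it as a parameter. The table name, sample rows, the `formKey` format and all function names are assumptions made for illustration; the advisory does not show the real mapper query.

```python
import re
import sqlite3

# Assumed formKey shape (not stated in the advisory): short alphanumeric token.
FORM_KEY_RE = re.compile(r"[A-Za-z0-9]{4,32}")


def make_db():
    """Constructed sample data: two forms, three submitted rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_form_data (form_key TEXT, answer TEXT)")
    db.executemany(
        "INSERT INTO user_form_data VALUES (?, ?)",
        [("formA001", "alice"), ("formA001", "bob"), ("formB002", "carol")],
    )
    return db


def rows_concatenated(db, form_key):
    """'Before' pattern: form_key becomes part of the SQL text itself."""
    sql = "SELECT answer FROM user_form_data WHERE form_key = '" + form_key + "'"
    return [row[0] for row in db.execute(sql)]


def rows_bound(db, form_key, check=True):
    """Hardened pattern: optional allowlist check, then a bound parameter."""
    if check and not FORM_KEY_RE.fullmatch(form_key):
        raise ValueError("rejected formKey")
    sql = "SELECT answer FROM user_form_data WHERE form_key = ?"
    return [row[0] for row in db.execute(sql, (form_key,))]


if __name__ == "__main__":
    db = make_db()
    tampered = "formA001' OR '1'='1"  # constructed test input
    # Concatenation lets the value rewrite the WHERE clause: other forms leak.
    print("concatenated:", rows_concatenated(db, tampered))
    # Binding alone treats the value as data: no form has that key.
    print("bound only:  ", rows_bound(db, tampered, check=False))
    # With the allowlist, the request is refused before any query runs.
    try:
        rows_bound(db, tampered)
    except ValueError as exc:
        print("validated:   ", exc)
```

Until a patch is available, the same allowlist check can sit in front of any code path that passes `formKey` to the mapper, and rejected values are worth logging as probable probing.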